CVE-2023-32450

{"id": "CVE-2023-32450", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-07-27T05:15:10.363", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000215215/dsa-2023-181-dell-power-manager-security-update-for-an-improper-access-control-vulnerability", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.dell.com/support/kbdoc/en-us/000215215/dsa-2023-181-dell-power-manager-security-update-for-an-improper-access-control-vulnerability", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-379"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "\nDell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.\n\n"}, {"lang": "es", "value": "Dell Power Manager en versiones de la 3.3 hasta la 3.14 contiene una vulnerabilidad de control de acceso inadecuado. Un usuario malintencionado con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario con acceso limitado. "}], "lastModified": "2024-11-21T08:03:22.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:power_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87F6B871-B6D8-4FB1-8D38-4A8FBA25DF08", "versionEndExcluding": "3.15", "versionStartIncluding": "3.3"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}